1. Field of the Invention
This invention is related to the field of data encryption, and more particularly, to a system and methodology for securing communication between components within a system as well as for binding the components of a system together.
2. Description of the Related Art
Up until recently the security of communication between modules within a system and the protection of those modules against reuse had not been considered issues worth addressing since it was assumed that the owner of the system had use and disposition rights to both the components that constitute the system and the information that is processed within the system.
These assumptions are no longer valid. Computers and communication devices are used to store and play audio and video content owned by others (and licensed only for limited use). With the advent of pay-as-you-go and subscription-based computing, although the person who pays the initial payment for the service may legally own the hardware, the underwriter of the service has not yet recovered the full market value of the hardware. The underwriter needs the assurance that the system will not be chopped up and the components sold prior to receiving a return on his investment.
While software-based encryption techniques work fine for protecting media content as it is transmitted from the provider to the licensed consumer, these techniques do nothing to protect the content once it has been decoded into a standard audio or video formats within the consumer's computing system or communication device. To extend rights management into this realm, communication pathways between components within the system must be secured.
To be practical for use inside a system between components, techniques must be employed that are fast and inexpensive to implement since at each inter-module interface data must be encrypted for transmission and decrypted as it is received. As it turns out, the same mechanisms that protect the information transmitted between components can also be used to bind components together.
Herein a module is an electronic component packaged in a self-contained manner. Typically, a module is instantiated as a semiconductor-based integrated circuit mounted on a substrate material that brings out electrical contact points for mounting to a higher-level package such as a printed circuit board. The more general term component is used as a synonym.
For secure communication between systems, one popular alternative is public key encryption using publicly accessible asymmetric encryption/decryption algorithms such as RSA or DSA. Another alternative is encryption based on block ciphers.
In the area of protecting the components that constitute a system or device, one might use some form of physical means of protection. These means would likely be techniques like encapsulating the printed circuit board that supports and interconnects the modules or permanently affixing an enclosure around the printed circuit board assembly to protect the components from removal.
None of the techniques mentioned above are appropriate for the class of products envisioned and addressed by the methods disclosed herein. Encapsulation is typically only appropriate for very low power products. A permanently sealed enclosure would prevent user access to add-in card slots (which are normally provided in a personal computer or communication device to allow functional upgrades) and prevent the adding of specialized I/O and computation devices. In addition, both physical means are easily defeated by a motivated remanufacturer.
Software-based encryption/decryption using a standard public domain algorithm might be used to bind two systems together and secure communication between the systems (provided each system has a processor capable of executing the algorithm). However, software-based encryption/decryption is not appropriate for binding together modules within a system or for securing communication between modules within a system.
Thus, there exists a significant need for mechanisms capable of: (a) providing secure communication between modules using simple algorithms that may be implemented in hardware and operate at high speed; (b) providing a strength of encryption and inter-module binding that is cost effective and appropriate to the assets being protected; and (c) removing economic incentive to remove modules from a cost-subsidized product for resale. Furthermore, it would be desirable for the implementation of such mechanisms to cause minimal disruption of normal manufacturing flows (e.g., the flows for fabricating integrated circuits and for building printed circuit board assemblies and systems).